Warning: Permanently added '[localhost]:65415' (ECDSA) to the list of known hosts. 2025/09/01 09:50:54 fuzzer started 2025/09/01 09:50:54 dialing manager at localhost:35473 syzkaller login: [ 51.301851] cgroup: Unknown subsys name 'net' [ 51.354871] cgroup: Unknown subsys name 'cpuset' [ 51.368241] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:51:05 syscalls: 2214 2025/09/01 09:51:05 code coverage: enabled 2025/09/01 09:51:05 comparison tracing: enabled 2025/09/01 09:51:05 extra coverage: enabled 2025/09/01 09:51:05 setuid sandbox: enabled 2025/09/01 09:51:05 namespace sandbox: enabled 2025/09/01 09:51:05 Android sandbox: enabled 2025/09/01 09:51:05 fault injection: enabled 2025/09/01 09:51:05 leak checking: enabled 2025/09/01 09:51:05 net packet injection: enabled 2025/09/01 09:51:05 net device setup: enabled 2025/09/01 09:51:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:51:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:51:05 USB emulation: enabled 2025/09/01 09:51:05 hci packet injection: enabled 2025/09/01 09:51:05 wifi device emulation: enabled 2025/09/01 09:51:05 802.15.4 emulation: enabled 2025/09/01 09:51:05 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:51:05 fetching corpus: 50, signal 19070/22602 (executing program) 2025/09/01 09:51:05 fetching corpus: 100, signal 31992/36828 (executing program) 2025/09/01 09:51:05 fetching corpus: 150, signal 40484/46490 (executing program) 2025/09/01 09:51:05 fetching corpus: 200, signal 46287/53372 (executing program) 2025/09/01 09:51:05 fetching corpus: 250, signal 51436/59524 (executing program) 2025/09/01 09:51:05 fetching corpus: 300, signal 55884/64938 (executing program) 2025/09/01 09:51:05 fetching corpus: 350, signal 62726/72391 (executing program) 2025/09/01 09:51:06 fetching corpus: 400, signal 67071/77480 (executing program) 2025/09/01 09:51:06 fetching corpus: 450, signal 71172/82209 (executing program) 2025/09/01 09:51:06 fetching corpus: 500, signal 73791/85607 (executing program) 2025/09/01 09:51:06 fetching corpus: 550, signal 76463/88961 (executing program) 2025/09/01 09:51:06 fetching corpus: 600, signal 79050/92187 (executing program) 2025/09/01 09:51:06 fetching corpus: 650, signal 80969/94826 (executing program) 2025/09/01 09:51:06 fetching corpus: 700, signal 83581/97971 (executing program) 2025/09/01 09:51:06 fetching corpus: 750, signal 84814/99898 (executing program) 2025/09/01 09:51:06 fetching corpus: 800, signal 86294/102022 (executing program) 2025/09/01 09:51:06 fetching corpus: 850, signal 89350/105295 (executing program) 2025/09/01 09:51:07 fetching corpus: 900, signal 91556/107881 (executing program) 2025/09/01 09:51:07 fetching corpus: 950, signal 92790/109694 (executing program) 2025/09/01 09:51:07 fetching corpus: 1000, signal 95934/112912 (executing program) 2025/09/01 09:51:07 fetching corpus: 1050, signal 97519/114960 (executing program) 2025/09/01 09:51:07 fetching corpus: 1100, signal 99805/117377 (executing program) 2025/09/01 09:51:07 fetching corpus: 1150, signal 100893/118935 (executing program) 2025/09/01 09:51:07 fetching corpus: 1200, signal 102067/120486 (executing program) 2025/09/01 09:51:07 fetching corpus: 1250, signal 103552/122272 (executing program) 2025/09/01 09:51:07 fetching corpus: 1300, signal 105652/124362 (executing program) 2025/09/01 09:51:07 fetching corpus: 1350, signal 107389/126183 (executing program) 2025/09/01 09:51:07 fetching corpus: 1400, signal 108965/127848 (executing program) 2025/09/01 09:51:08 fetching corpus: 1450, signal 110192/129297 (executing program) 2025/09/01 09:51:08 fetching corpus: 1500, signal 111590/130821 (executing program) 2025/09/01 09:51:08 fetching corpus: 1550, signal 112875/132173 (executing program) 2025/09/01 09:51:08 fetching corpus: 1600, signal 113506/133134 (executing program) 2025/09/01 09:51:08 fetching corpus: 1650, signal 114998/134570 (executing program) 2025/09/01 09:51:08 fetching corpus: 1700, signal 115921/135663 (executing program) 2025/09/01 09:51:08 fetching corpus: 1750, signal 117037/136889 (executing program) 2025/09/01 09:51:08 fetching corpus: 1800, signal 118270/138091 (executing program) 2025/09/01 09:51:09 fetching corpus: 1850, signal 120165/139684 (executing program) 2025/09/01 09:51:09 fetching corpus: 1900, signal 120993/140591 (executing program) 2025/09/01 09:51:09 fetching corpus: 1950, signal 122007/141614 (executing program) 2025/09/01 09:51:09 fetching corpus: 2000, signal 123047/142572 (executing program) 2025/09/01 09:51:09 fetching corpus: 2050, signal 123963/143463 (executing program) 2025/09/01 09:51:09 fetching corpus: 2100, signal 124950/144429 (executing program) 2025/09/01 09:51:09 fetching corpus: 2150, signal 125605/145212 (executing program) 2025/09/01 09:51:09 fetching corpus: 2200, signal 126203/145911 (executing program) 2025/09/01 09:51:09 fetching corpus: 2250, signal 127275/146799 (executing program) 2025/09/01 09:51:09 fetching corpus: 2300, signal 128026/147604 (executing program) 2025/09/01 09:51:09 fetching corpus: 2350, signal 128638/148284 (executing program) 2025/09/01 09:51:10 fetching corpus: 2400, signal 129496/149031 (executing program) 2025/09/01 09:51:10 fetching corpus: 2450, signal 130316/149746 (executing program) 2025/09/01 09:51:10 fetching corpus: 2500, signal 130886/150356 (executing program) 2025/09/01 09:51:10 fetching corpus: 2550, signal 131816/151083 (executing program) 2025/09/01 09:51:10 fetching corpus: 2600, signal 132536/151713 (executing program) 2025/09/01 09:51:10 fetching corpus: 2650, signal 133565/152453 (executing program) 2025/09/01 09:51:10 fetching corpus: 2700, signal 134275/152988 (executing program) 2025/09/01 09:51:10 fetching corpus: 2750, signal 135330/153649 (executing program) 2025/09/01 09:51:10 fetching corpus: 2800, signal 136439/154335 (executing program) 2025/09/01 09:51:10 fetching corpus: 2850, signal 137082/154896 (executing program) 2025/09/01 09:51:10 fetching corpus: 2900, signal 138476/155582 (executing program) 2025/09/01 09:51:11 fetching corpus: 2950, signal 139100/156047 (executing program) 2025/09/01 09:51:11 fetching corpus: 3000, signal 139787/156501 (executing program) 2025/09/01 09:51:11 fetching corpus: 3050, signal 140309/156899 (executing program) 2025/09/01 09:51:11 fetching corpus: 3100, signal 140900/157283 (executing program) 2025/09/01 09:51:11 fetching corpus: 3150, signal 141677/157715 (executing program) 2025/09/01 09:51:11 fetching corpus: 3200, signal 142404/158090 (executing program) 2025/09/01 09:51:11 fetching corpus: 3250, signal 142905/158417 (executing program) 2025/09/01 09:51:11 fetching corpus: 3300, signal 143952/158956 (executing program) 2025/09/01 09:51:11 fetching corpus: 3350, signal 144792/159320 (executing program) 2025/09/01 09:51:11 fetching corpus: 3400, signal 145294/159635 (executing program) 2025/09/01 09:51:12 fetching corpus: 3450, signal 145808/159929 (executing program) 2025/09/01 09:51:12 fetching corpus: 3500, signal 146319/160171 (executing program) 2025/09/01 09:51:12 fetching corpus: 3550, signal 147078/160429 (executing program) 2025/09/01 09:51:12 fetching corpus: 3600, signal 147683/160690 (executing program) 2025/09/01 09:51:12 fetching corpus: 3650, signal 148369/160988 (executing program) 2025/09/01 09:51:12 fetching corpus: 3700, signal 149154/161229 (executing program) 2025/09/01 09:51:12 fetching corpus: 3750, signal 149635/161435 (executing program) 2025/09/01 09:51:12 fetching corpus: 3800, signal 150247/161625 (executing program) 2025/09/01 09:51:12 fetching corpus: 3850, signal 150927/161899 (executing program) 2025/09/01 09:51:13 fetching corpus: 3900, signal 151741/162033 (executing program) 2025/09/01 09:51:13 fetching corpus: 3950, signal 152250/162133 (executing program) 2025/09/01 09:51:13 fetching corpus: 4000, signal 152845/162188 (executing program) 2025/09/01 09:51:13 fetching corpus: 4050, signal 153837/162198 (executing program) 2025/09/01 09:51:13 fetching corpus: 4100, signal 154230/162199 (executing program) 2025/09/01 09:51:13 fetching corpus: 4150, signal 154662/162217 (executing program) 2025/09/01 09:51:13 fetching corpus: 4200, signal 155149/162227 (executing program) 2025/09/01 09:51:13 fetching corpus: 4250, signal 155688/162228 (executing program) 2025/09/01 09:51:13 fetching corpus: 4300, signal 156233/162260 (executing program) 2025/09/01 09:51:13 fetching corpus: 4350, signal 156766/162293 (executing program) 2025/09/01 09:51:14 fetching corpus: 4400, signal 157172/162297 (executing program) 2025/09/01 09:51:14 fetching corpus: 4450, signal 157608/162303 (executing program) 2025/09/01 09:51:14 fetching corpus: 4500, signal 158072/162307 (executing program) 2025/09/01 09:51:14 fetching corpus: 4550, signal 158820/162425 (executing program) 2025/09/01 09:51:14 fetching corpus: 4600, signal 159200/162428 (executing program) 2025/09/01 09:51:14 fetching corpus: 4650, signal 159545/162446 (executing program) 2025/09/01 09:51:14 fetching corpus: 4650, signal 159545/162446 (executing program) 2025/09/01 09:51:16 starting 8 fuzzer processes 09:51:16 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, 0x0, 0x0) 09:51:16 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='gid_map\x00') preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 09:51:16 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x0, 0x0, 0x3e7}) [ 73.195355] audit: type=1400 audit(1756720276.761:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:51:16 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:16 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() r1 = pidfd_open(r0, 0x0) r2 = pidfd_open(r0, 0x0) pidfd_getfd(r2, r1, 0x0) 09:51:16 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) 09:51:16 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='configfs\x00', 0x0, 0x0) chown(&(0x7f00000036c0)='./file0\x00', 0x0, 0x0) 09:51:16 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10001}) [ 74.343043] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.346472] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.349309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.354179] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.358311] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.405124] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.407548] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.412414] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.421259] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.424386] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.602548] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.617159] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.622060] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.632065] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.636677] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.690233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.692434] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.695381] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.699416] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.701657] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.703513] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.705950] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.707438] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.709299] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.712522] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.714054] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.717296] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.718701] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.722028] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.726410] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.735081] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.736916] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.737321] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.745104] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.746069] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.748151] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.751082] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.775315] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.788970] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.800350] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.372034] Bluetooth: hci0: command tx timeout [ 76.500789] Bluetooth: hci1: command tx timeout [ 76.690943] Bluetooth: hci2: command tx timeout [ 76.755765] Bluetooth: hci5: command tx timeout [ 76.818801] Bluetooth: hci6: command tx timeout [ 76.819368] Bluetooth: hci3: command tx timeout [ 76.819837] Bluetooth: hci4: command tx timeout [ 76.883762] Bluetooth: hci7: command tx timeout [ 78.419398] Bluetooth: hci0: command tx timeout [ 78.547777] Bluetooth: hci1: command tx timeout [ 78.739805] Bluetooth: hci2: command tx timeout [ 78.803818] Bluetooth: hci5: command tx timeout [ 78.867815] Bluetooth: hci4: command tx timeout [ 78.868257] Bluetooth: hci3: command tx timeout [ 78.868690] Bluetooth: hci6: command tx timeout [ 78.930772] Bluetooth: hci7: command tx timeout [ 80.467755] Bluetooth: hci0: command tx timeout [ 80.595925] Bluetooth: hci1: command tx timeout [ 80.788610] Bluetooth: hci2: command tx timeout [ 80.850878] Bluetooth: hci5: command tx timeout [ 80.915949] Bluetooth: hci6: command tx timeout [ 80.916347] Bluetooth: hci3: command tx timeout [ 80.916901] Bluetooth: hci4: command tx timeout [ 80.978808] Bluetooth: hci7: command tx timeout [ 82.515841] Bluetooth: hci0: command tx timeout [ 82.643829] Bluetooth: hci1: command tx timeout [ 82.834932] Bluetooth: hci2: command tx timeout [ 82.899850] Bluetooth: hci5: command tx timeout [ 82.965866] Bluetooth: hci4: command tx timeout [ 82.966241] Bluetooth: hci3: command tx timeout [ 82.966631] Bluetooth: hci6: command tx timeout [ 83.027835] Bluetooth: hci7: command tx timeout [ 109.159019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.159607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.236652] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.237264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.298363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.299217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.338099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.338648] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.379806] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.380379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.413847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.414407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.439699] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.440307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:51:53 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) [ 109.482656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.483378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:51:53 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) 09:51:53 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) [ 109.540665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.541509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.592775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.593366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:51:53 executing program 7: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) 09:51:53 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10001}) [ 109.652028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.652577] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:51:53 executing program 7: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) 09:51:53 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10001}) 09:51:53 executing program 7: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) [ 109.730300] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.731069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.781187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.781779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.835044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.835597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.884756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.885308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.915241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.915870] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:51:54 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, 0x0, 0x0) 09:51:54 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='configfs\x00', 0x0, 0x0) chown(&(0x7f00000036c0)='./file0\x00', 0x0, 0x0) 09:51:54 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x0, 0x0, 0x3e7}) 09:51:54 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:54 executing program 7: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) 09:51:54 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10001}) 09:51:54 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() r1 = pidfd_open(r0, 0x0) r2 = pidfd_open(r0, 0x0) pidfd_getfd(r2, r1, 0x0) 09:51:54 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='gid_map\x00') preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 09:51:54 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() r1 = pidfd_open(r0, 0x0) r2 = pidfd_open(r0, 0x0) pidfd_getfd(r2, r1, 0x0) 09:51:54 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:54 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='gid_map\x00') preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 09:51:54 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x0, 0x0, 0x3e7}) 09:51:55 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:55 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='gid_map\x00') preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 09:51:55 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, 0x0, 0x0) 09:51:55 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() r1 = pidfd_open(r0, 0x0) r2 = pidfd_open(r0, 0x0) pidfd_getfd(r2, r1, 0x0) 09:51:55 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='configfs\x00', 0x0, 0x0) chown(&(0x7f00000036c0)='./file0\x00', 0x0, 0x0) 09:51:55 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x0, 0x0, 0x3e7}) 09:51:55 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b72, &(0x7f0000000140)) 09:51:55 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:55 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5304, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:51:55 executing program 6: perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1880, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xccb9a74c721aaad6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:51:55 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 111.965829] audit: type=1400 audit(1756720315.528:8): avc: denied { open } for pid=3955 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.975803] audit: type=1400 audit(1756720315.529:9): avc: denied { kernel } for pid=3955 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:51:55 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b72, &(0x7f0000000140)) 09:51:55 executing program 6: perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1880, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xccb9a74c721aaad6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 112.046360] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 112.048042] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 112.049159] CPU: 1 UID: 0 PID: 3963 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.053341] Tainted: [W]=WARN [ 112.054898] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.058115] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.058784] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.061424] RSP: 0018:ffff888045a9f800 EFLAGS: 00010212 [ 112.062213] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 112.063253] RDX: ffff8880165e8000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 112.064311] RBP: ffff888045a9fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15e50 [ 112.065355] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.066386] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 112.067418] FS: 00005555820c4400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 112.068614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.069490] CR2: 00005555820c5c18 CR3: 000000000dd72000 CR4: 0000000000350ef0 [ 112.070547] Call Trace: [ 112.070936] [ 112.071290] ? arch_scale_cpu_capacity+0x17/0xa0 [ 112.072026] ? __pfx_perf_tp_event+0x10/0x10 [ 112.072694] ? __asan_memset+0x24/0x50 [ 112.073332] ? perf_trace_lock+0xb5/0x5d0 [ 112.073965] ? kvm_sched_clock_read+0x16/0x30 [ 112.074665] ? sched_clock+0x37/0x60 [ 112.075249] ? sched_clock_cpu+0x6c/0x4e0 [ 112.075880] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.076635] perf_trace_run_bpf_submit+0xef/0x180 [ 112.077388] perf_trace_lock+0x337/0x5d0 [ 112.078023] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.078729] ? lock_acquire+0x15e/0x2f0 [ 112.079341] ? futex_ref_get+0x48/0x300 [ 112.079936] ? futex_ref_get+0x114/0x300 [ 112.080543] ? futex_hash+0x15c/0x390 [ 112.081135] lock_release+0x1ab/0x290 [ 112.081716] ? futex_hash+0x15c/0x390 [ 112.082291] futex_ref_get+0x119/0x300 [ 112.082888] ? futex_hash+0x15c/0x390 [ 112.083455] futex_hash+0x70/0x390 [ 112.084004] futex_wake+0x143/0x540 [ 112.084574] ? put_pid+0x1f/0x30 [ 112.085116] ? kernel_clone+0x204/0x7f0 [ 112.085717] ? __pfx_futex_wake+0x10/0x10 [ 112.086340] ? __pfx_kernel_clone+0x10/0x10 [ 112.086982] ? perf_trace_lock+0xb5/0x5d0 [ 112.087614] do_futex+0x26d/0x370 [ 112.088148] ? __pfx_do_futex+0x10/0x10 [ 112.088754] ? __pfx___do_sys_clone+0x10/0x10 [ 112.089441] ? find_held_lock+0x2b/0x80 [ 112.090046] __x64_sys_futex+0x1c9/0x4d0 [ 112.090660] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.091369] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 112.092160] do_syscall_64+0xbf/0x360 [ 112.092734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.093500] RIP: 0033:0x7f0ada0fcb19 [ 112.094053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.096670] RSP: 002b:00007ffce1f200a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.097790] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ada0fcb19 [ 112.098832] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0ada20ff68 [ 112.099869] RBP: 00007f0ada20ff60 R08: 00007f0ad7672700 R09: 0000000000000000 [ 112.100914] R10: 00007f0ad7672700 R11: 0000000000000246 R12: 00007f0ada214060 [ 112.101971] R13: 00007ffce1f201b0 R14: 00007f0ada20ff60 R15: 000000000001b4ed [ 112.103031] [ 112.103401] Modules linked in: [ 112.104186] ---[ end trace 0000000000000000 ]--- [ 112.105057] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.105808] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.108482] RSP: 0018:ffff888045a9f800 EFLAGS: 00010212 [ 112.109317] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 112.110410] RDX: ffff8880165e8000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 112.111468] kmemleak: Found object by alias at 0x607f1a63de54 [ 112.111488] CPU: 0 UID: 0 PID: 3966 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.111509] Tainted: [D]=DIE, [W]=WARN [ 112.111513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.111521] Call Trace: [ 112.111525] [ 112.111529] dump_stack_lvl+0xca/0x120 [ 112.111554] __lookup_object+0x94/0xb0 [ 112.111571] delete_object_full+0x27/0x70 [ 112.111587] free_percpu+0x30/0x1160 [ 112.111604] ? arch_uprobe_clear_state+0x16/0x140 [ 112.111624] futex_hash_free+0x38/0xc0 [ 112.111638] mmput+0x2d3/0x390 [ 112.111657] do_exit+0x79d/0x2970 [ 112.111671] ? signal_wake_up_state+0x85/0x120 [ 112.111686] ? zap_other_threads+0x2b9/0x3a0 [ 112.111702] ? __pfx_do_exit+0x10/0x10 [ 112.111719] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 112.111737] ? lock_release+0x1c7/0x290 [ 112.111751] do_group_exit+0xd3/0x2a0 [ 112.111765] __x64_sys_exit_group+0x3e/0x50 [ 112.111779] x64_sys_call+0x18c5/0x18d0 [ 112.111795] do_syscall_64+0xbf/0x360 [ 112.111808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.111820] RIP: 0033:0x7fe0dd8d9b19 [ 112.111828] Code: Unable to access opcode bytes at 0x7fe0dd8d9aef. [ 112.111834] RSP: 002b:00007fffc59cadc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 112.111845] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe0dd8d9b19 [ 112.111853] RDX: 00007fe0dd88c72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 112.111860] RBP: 0000000000000000 R08: 0000001b2d12001c R09: 0000000000000000 [ 112.111868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.111874] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffc59caeb0 [ 112.111885] [ 112.111889] kmemleak: Object (percpu) 0x607f1a63de50 (size 8): [ 112.111896] kmemleak: comm "syz-executor.3", pid 3958, jiffies 4294778645 [ 112.111903] kmemleak: min_count = 1 [ 112.111907] kmemleak: count = 1 [ 112.111911] kmemleak: flags = 0x21 [ 112.111914] kmemleak: checksum = 0 [ 112.111918] kmemleak: backtrace: [ 112.111921] pcpu_alloc_noprof+0x87a/0x1170 [ 112.111937] perf_trace_event_init+0x366/0xa10 [ 112.111952] perf_trace_init+0x1a4/0x2f0 [ 112.111964] perf_tp_event_init+0xa6/0x120 [ 112.111980] perf_try_init_event+0x140/0x9f0 [ 112.111995] perf_event_alloc.part.0+0x118e/0x45f0 [ 112.112012] __do_sys_perf_event_open+0x719/0x2c20 [ 112.112025] do_syscall_64+0xbf/0x360 [ 112.112035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.148410] RBP: ffff888045a9fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15e50 [ 112.149503] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.150584] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 112.151680] FS: 00005555820c4400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 112.152892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.153804] CR2: 00005555820c5c18 CR3: 000000000dd72000 CR4: 0000000000350ef0 [ 112.154892] note: syz-executor.7[3963] exited with preempt_count 1 [ 112.155826] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 112.157289] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3963, name: syz-executor.7 [ 112.159120] preempt_count: 0, expected: 0 [ 112.159919] RCU nest depth: 2, expected: 0 [ 112.161020] INFO: lockdep is turned off. [ 112.161625] CPU: 1 UID: 0 PID: 3963 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.161661] Tainted: [D]=DIE, [W]=WARN [ 112.161669] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.161680] Call Trace: [ 112.161689] [ 112.161699] dump_stack_lvl+0xfa/0x120 [ 112.161742] __might_resched+0x2f3/0x510 [ 112.161766] exit_signals+0x25/0x940 [ 112.161798] do_exit+0x2db/0x2970 [ 112.161823] ? _printk+0xbe/0xf0 [ 112.161847] ? __pfx__printk+0x10/0x10 [ 112.161872] ? __pfx_do_exit+0x10/0x10 [ 112.161899] make_task_dead+0x174/0x3b0 [ 112.161924] ? do_syscall_64+0xbf/0x360 [ 112.161944] rewind_stack_and_make_dead+0x16/0x20 [ 112.161973] RIP: 0033:0x7f0ada0fcb19 [ 112.161989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.162008] RSP: 002b:00007ffce1f200a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.162029] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ada0fcb19 [ 112.162043] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0ada20ff68 [ 112.162056] RBP: 00007f0ada20ff60 R08: 00007f0ad7672700 R09: 0000000000000000 [ 112.162069] R10: 00007f0ad7672700 R11: 0000000000000246 R12: 00007f0ada214060 [ 112.162082] R13: 00007ffce1f201b0 R14: 00007f0ada20ff60 R15: 000000000001b4ed [ 112.162102] 09:51:58 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, 0x0, 0x0) 09:51:58 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='configfs\x00', 0x0, 0x0) chown(&(0x7f00000036c0)='./file0\x00', 0x0, 0x0) 09:51:58 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5304, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:51:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 09:51:58 executing program 6: perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1880, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xccb9a74c721aaad6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:51:58 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b72, &(0x7f0000000140)) 09:51:58 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:58 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) 09:51:58 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x6100}, 0x91cd034e4809f27}, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x1, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r6}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000240)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000000005232c5631a1d434f42f8ca5776bd6687aacaf5d7eb633396643b56b9bf4c6651c3acf092efcc9e6878d11a5d78", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d33300000064010100000000000000000000000000c5ffffffffffffff05000000000000000104000000000000210000000000000000000000000000004000000000000000030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000001f00000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000020002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r6, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac1f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d844461524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0410833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112d155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a664b94c40da6103d8409d01471b0d21e703f331dbe40d13402573c291a13c9c33443ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee69f432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a900"/1114], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r8}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9c, 0x5, 0x0, {0x0, r8, r2}}, 0x3000) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd=r0, 0xff3, 0xf09, 0x3ff, 0x1, 0x1, {0x2, r8}}, 0x3) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:51:58 executing program 6: perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1880, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xccb9a74c721aaad6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:51:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 09:51:58 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0xb00) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={0x0}) 09:51:58 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b72, &(0x7f0000000140)) 09:51:58 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5304, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:51:58 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0xa0840, 0x0) ioctl$CDROMREADMODE2(r0, 0x1279, &(0x7f0000000480)) 09:51:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 09:51:58 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0xb00) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={0x0}) 09:51:58 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x6100}, 0x91cd034e4809f27}, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x1, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r6}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000240)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000000005232c5631a1d434f42f8ca5776bd6687aacaf5d7eb633396643b56b9bf4c6651c3acf092efcc9e6878d11a5d78", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d33300000064010100000000000000000000000000c5ffffffffffffff05000000000000000104000000000000210000000000000000000000000000004000000000000000030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000001f00000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000020002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r6, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac1f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d844461524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0410833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112d155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a664b94c40da6103d8409d01471b0d21e703f331dbe40d13402573c291a13c9c33443ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee69f432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a900"/1114], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r8}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9c, 0x5, 0x0, {0x0, r8, r2}}, 0x3000) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd=r0, 0xff3, 0xf09, 0x3ff, 0x1, 0x1, {0x2, r8}}, 0x3) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:51:58 executing program 7: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x6100}, 0x91cd034e4809f27}, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x1, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r6}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000240)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000000005232c5631a1d434f42f8ca5776bd6687aacaf5d7eb633396643b56b9bf4c6651c3acf092efcc9e6878d11a5d78", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d33300000064010100000000000000000000000000c5ffffffffffffff05000000000000000104000000000000210000000000000000000000000000004000000000000000030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000001f00000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000020002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r6, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac1f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d844461524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0410833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112d155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a664b94c40da6103d8409d01471b0d21e703f331dbe40d13402573c291a13c9c33443ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee69f432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a900"/1114], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r8}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x9c, 0x5, 0x0, {0x0, r8, r2}}, 0x3000) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd=r0, 0xff3, 0xf09, 0x3ff, 0x1, 0x1, {0x2, r8}}, 0x3) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:51:58 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0xa0840, 0x0) ioctl$CDROMREADMODE2(r0, 0x1279, &(0x7f0000000480)) 09:51:59 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5304, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) [ 115.490197] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.491890] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.492961] CPU: 0 UID: 0 PID: 4014 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.494675] Tainted: [D]=DIE, [W]=WARN [ 115.495238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.496471] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.497207] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.499809] RSP: 0018:ffff888046d1f800 EFLAGS: 00010212 [ 115.500575] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006c1b000 [ 115.501613] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.502628] RBP: ffff888046d1fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15e50 [ 115.503650] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 115.504674] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.505716] FS: 00007f0ad7672700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.506848] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.507670] CR2: 0000001b2d120000 CR3: 000000000d43a000 CR4: 0000000000350ef0 [ 115.508688] Call Trace: [ 115.509079] [ 115.509434] ? perf_trace_lock+0xb5/0x5d0 [ 115.510043] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.510713] ? __pfx_perf_tp_event+0x10/0x10 [ 115.511357] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 115.512070] ? perf_swevent_event+0x63/0x3f0 [ 115.512713] ? perf_tp_event+0x807/0xe70 [ 115.513330] ? __pfx_perf_tp_event+0x10/0x10 [ 115.513971] ? unwind_get_return_address+0x59/0xa0 [ 115.514721] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.515442] perf_trace_run_bpf_submit+0xef/0x180 [ 115.516142] perf_trace_lock+0x337/0x5d0 [ 115.516748] ? perf_swevent_event+0x63/0x3f0 [ 115.517427] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.518102] ? get_futex_key+0x592/0x14a0 [ 115.518706] ? futex_ref_get+0x114/0x300 [ 115.519302] ? futex_hash+0x15c/0x390 [ 115.519861] lock_release+0x1ab/0x290 [ 115.520425] ? futex_hash+0x15c/0x390 [ 115.520977] futex_ref_get+0x119/0x300 [ 115.521578] ? futex_hash+0x15c/0x390 [ 115.522126] futex_hash+0x70/0x390 [ 115.522651] futex_wake+0x143/0x540 [ 115.523190] ? __pfx_futex_wake+0x10/0x10 [ 115.523795] ? kmem_cache_free+0x2a1/0x540 [ 115.524414] ? putname.part.0+0x11b/0x160 [ 115.525033] do_futex+0x26d/0x370 [ 115.525561] ? __pfx_do_futex+0x10/0x10 [ 115.526136] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.526878] __x64_sys_futex+0x1c9/0x4d0 [ 115.527474] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.528314] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.528982] do_syscall_64+0xbf/0x360 [ 115.529574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.530314] RIP: 0033:0x7f0ada0fcb19 [ 115.530853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.533492] RSP: 002b:00007f0ad7672218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.534575] RAX: ffffffffffffffda RBX: 00007f0ada20ff68 RCX: 00007f0ada0fcb19 [ 115.535590] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0ada20ff6c [ 115.536602] RBP: 00007f0ada20ff60 R08: 000000000000000e R09: 0000000000000000 [ 115.537633] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f0ada20ff6c [ 115.538658] R13: 00007ffce1f2002f R14: 00007f0ad7672300 R15: 0000000000022000 [ 115.539701] [ 115.540049] Modules linked in: [ 115.540563] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 115.542186] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.543267] CPU: 0 UID: 0 PID: 4014 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.544959] Tainted: [D]=DIE, [W]=WARN [ 115.545548] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.546728] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.547406] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.550006] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 115.550796] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.551823] RDX: ffff888043f08000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.552834] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15e50 [ 115.553868] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 115.554873] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 115.555897] FS: 00007f0ad7672700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.557042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.557948] CR2: 0000001b2d120000 CR3: 000000000d43a000 CR4: 0000000000350ef0 [ 115.558955] Call Trace: [ 115.559327] [ 115.559658] ? __pfx_perf_tp_event+0x10/0x10 [ 115.560310] ? __pfx_css_rstat_updated+0x10/0x10 [ 115.561004] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 115.561798] ? trace_pelt_se_tp+0xdf/0x130 [ 115.562440] ? __update_load_avg_se+0x428/0xa40 [ 115.563127] ? __cgroup_account_cputime+0x30/0xc0 [ 115.563828] ? perf_trace_lock+0xb5/0x5d0 [ 115.564418] ? perf_trace_lock+0xb5/0x5d0 [ 115.565011] ? __resched_curr+0x2a2/0x330 [ 115.565657] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.566317] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.566984] ? check_preempt_wakeup_fair+0x406/0x950 [ 115.567725] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.568461] ? do_raw_spin_unlock+0x53/0x220 [ 115.569139] perf_trace_run_bpf_submit+0xef/0x180 [ 115.569850] perf_trace_lock+0x337/0x5d0 [ 115.570444] ? do_raw_spin_lock+0x123/0x260 [ 115.571090] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.571760] ? clockevents_program_event+0x14f/0x360 [ 115.572537] ? hrtimer_interrupt+0x114/0x830 [ 115.573195] lock_release+0x1ab/0x290 [ 115.573765] ktime_get_update_offsets_now+0xab/0x3c0 [ 115.574498] ? hrtimer_interrupt+0x114/0x830 [ 115.575150] ? __pfx_lapic_next_deadline+0x10/0x10 [ 115.575863] hrtimer_interrupt+0x114/0x830 [ 115.576477] ? __pfx_flush_tlb_func+0x10/0x10 [ 115.577149] ? trace_csd_function_exit+0x134/0x190 [ 115.577872] ? __flush_smp_call_function_queue+0x28c/0x740 [ 115.578678] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 115.579426] sysvec_apic_timer_interrupt+0x6b/0x80 [ 115.580161] [ 115.580495] [ 115.580826] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.581604] RIP: 0010:oops_exit+0x0/0x50 [ 115.582201] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 115.584760] RSP: 0018:ffff888046d1f690 EFLAGS: 00000202 [ 115.585556] RAX: 000000000002eedc RBX: 0000000000000212 RCX: ffffc90006c1b000 [ 115.586581] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 115.587604] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 115.588616] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046d1f758 [ 115.589661] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.590695] ? oops_end+0x4a/0xe0 [ 115.591212] oops_end+0x65/0xe0 [ 115.591711] exc_general_protection+0x1a2/0x330 [ 115.592405] asm_exc_general_protection+0x26/0x30 [ 115.593139] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.593819] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.596370] RSP: 0018:ffff888046d1f800 EFLAGS: 00010212 [ 115.597147] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006c1b000 [ 115.598169] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.599198] RBP: ffff888046d1fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15e50 [ 115.600223] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 115.601252] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.602270] ? perf_tp_event+0x167/0xe70 [ 115.602875] ? perf_trace_lock+0xb5/0x5d0 [ 115.603483] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.604165] ? __pfx_perf_tp_event+0x10/0x10 [ 115.604812] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 115.605566] ? perf_swevent_event+0x63/0x3f0 [ 115.606222] ? perf_tp_event+0x807/0xe70 [ 115.606828] ? __pfx_perf_tp_event+0x10/0x10 [ 115.607478] ? unwind_get_return_address+0x59/0xa0 [ 115.608223] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.608955] perf_trace_run_bpf_submit+0xef/0x180 [ 115.609706] perf_trace_lock+0x337/0x5d0 [ 115.610307] ? perf_swevent_event+0x63/0x3f0 [ 115.610966] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.611641] ? get_futex_key+0x592/0x14a0 [ 115.612244] ? futex_ref_get+0x114/0x300 [ 115.612830] ? futex_hash+0x15c/0x390 [ 115.613413] lock_release+0x1ab/0x290 [ 115.613971] ? futex_hash+0x15c/0x390 [ 115.614528] futex_ref_get+0x119/0x300 [ 115.615092] ? futex_hash+0x15c/0x390 [ 115.615651] futex_hash+0x70/0x390 [ 115.616176] futex_wake+0x143/0x540 [ 115.616725] ? __pfx_futex_wake+0x10/0x10 [ 115.617365] ? kmem_cache_free+0x2a1/0x540 [ 115.617986] ? putname.part.0+0x11b/0x160 [ 115.618593] do_futex+0x26d/0x370 [ 115.619105] ? __pfx_do_futex+0x10/0x10 [ 115.619689] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.620427] __x64_sys_futex+0x1c9/0x4d0 [ 115.621036] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.621897] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.622576] do_syscall_64+0xbf/0x360 [ 115.623134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.623884] RIP: 0033:0x7f0ada0fcb19 [ 115.624421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.627017] RSP: 002b:00007f0ad7672218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.628093] RAX: ffffffffffffffda RBX: 00007f0ada20ff68 RCX: 00007f0ada0fcb19 [ 115.629136] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0ada20ff6c [ 115.630162] RBP: 00007f0ada20ff60 R08: 000000000000000e R09: 0000000000000000 [ 115.631180] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f0ada20ff6c [ 115.632194] R13: 00007ffce1f2002f R14: 00007f0ad7672300 R15: 0000000000022000 [ 115.633248] [ 115.633601] Modules linked in: [ 115.634073] ---[ end trace 0000000000000000 ]--- [ 115.634758] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.635454] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.638068] RSP: 0018:ffff888045a9f800 EFLAGS: 00010212 [ 115.638821] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.639844] RDX: ffff8880165e8000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.640862] RBP: ffff888045a9fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15e50 [ 115.641909] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.642923] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.643952] FS: 00007f0ad7672700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.645110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.645955] CR2: 0000001b2d120000 CR3: 000000000d43a000 CR4: 0000000000350ef0 [ 115.646966] Kernel panic - not syncing: Fatal exception in interrupt [ 115.648112] Kernel Offset: disabled [ 115.648634] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:51:55 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff888018a41b80 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888046e57988 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1 R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555862ff400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe6b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f685ca24718 CR3=00000000433df000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f685f5b67c000007f685f5b67c8 XMM02=00007f685f5b67e000007f685f5b67c0 XMM03=00007f685f5b67c800007f685f5b67c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888045a9f198 R8 =0000000000000000 R9 =ffffed10015fe046 R10=0000000000000020 R11=6572617764726148 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555820c4400 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe6300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005555820c5c18 CR3=000000000dd72000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f0ada1e37c000007f0ada1e37c8 XMM02=00007f0ada1e37e000007f0ada1e37c0 XMM03=00007f0ada1e37c800007f0ada1e37c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000